Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect interface support detection due to incomplete `supportsInterface`

irondevx

Summary

OWPIdentity::supportsInterface doesn't properly handle all inherited interfaces, potentially causing interface detection failures for contracts interacting with it through ERC165::supportsInterface.

Similar behavior is observed in this Sherlock contest -> https://github.com/sherlock-audit/2024-04-titles-judging/issues/287

Vulnerability Details

OWPIdentity::supportsInterface inherits from multiple contracts including ERC1155 and AccessControl, but its implementation only returns the super call result. This means the interface detection will only check the most recently inherited contract's interfaces, ignoring others in the inheritance chain, which is crucial for ERC165 compliance.
When external contracts attempt to detect supported interfaces using ERC165, they may receive false negatives for interfaces that are actually implemented but not properly reported.

Impact

Integration failures with protocols that rely on ERC-165 interface detection, due to false negatives when checking for supported interfaces

Tools Used

Manual Review

Proof of Concept

OWPIdentity.sol#L104-L111

function supportsInterface(bytes4 interfaceId)

public

view

override(ERC1155, AccessControl)

returns (bool)

{

@> return super.supportsInterface(interfaceId); // this will only return the latest contract's interface support

}

Recommended Mitigation Steps

Ensure that supportsInterface is implemented correctly to cover all inherited interfaces.

- function supportsInterface(bytes4 interfaceId) public view override(ERC1155, AccessControl) returns (bool) {

- return super.supportsInterface(interfaceId);

+ function supportsInterface(bytes4 interfaceId) public view override(ERC1155, AccessControl, ERC1155Supply) returns (bool) {

+ return ERC1155.supportsInterface(interfaceId) ||

+ AccessControl.supportsInterface(interfaceId);

}

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.